Notifications

BLACKBIRD can be configured to deliver real-time notifications for discovered vulnerabilities, scan status changes and OAST Server invocations.

Setting Up Notifications

To set up notifications, you will be required to enable them first. BLACKBIRD provides 2 types of notifications. In-App Notifications and External Notifications.

In-App Notifications

In-App Notifications are available by default and can be accessed from anywhere on your Pentesting Suite or by navigating to the dedicated notifications page.

External Notifications

BLACKBIRD can also be set up to notify you on your preferred messaging channel. We currently support 4 different types of messaging channels:

  • Email
  • Slack
  • Discord
  • And, Telegram

The setup process for each one of them is simple and straightforward. Follow the instructions below for your preferred channel.

Setting Up Email Notifications

To receive notifications on your email inbox:

1

Select Preferred Channel

Select Email from the Preferred Channel list.

2

Enter Email Address

Next, enter your email address where you’d like to receive notifications on.

3

Save Your Preferences

Finally, scroll to the bottom of the page and click Save. Alternatively, you can click on Send a test notification to test your new integration.

Setting Up Discord Notifications

To receive notifications on your existing Discord channel:

1

Select Preferred Channel

Select Discord from the Preferred Channel list.

2

Create Discord Webhook

Next, you must create a Discord webhook. We recommend you to follow this official guide.

3

Submit Your Webhook

You will receive a webhook in the following format: https://discord.com/api/webhooks/{Discord ID}/{Discord Token}. You will have to submit the Discord ID and Discord Token in their respective fields as displayed in the figure below.

4

Save Your Preferences

Finally, scroll to the bottom of the page and click Save. Alternatively, you can click on Send a test notification to test your new integration.

Setting Up Slack Notifications

To receive notifications on your existing Slack channel:

1

Select Preferred Channel

Select Slack from the Preferred Channel list.

2

Create Slack Webhook

Next, you must create a Slack webhook. We recommend you to follow this official guide.

3

Submit Your Webhook

You will receive a webhook in the following format: https://hooks.slack.com/services/T{Slack Team ID}/B{Slack Bot ID}/{Slack Channel ID}. You will have to submit the Slack Team ID, the Slack Bot ID and the Slack Channel ID in their respective fields as displayed in the figure below.

Please make sure to only enter the IDs, you do not have to prefix the Slack Team ID or Slack Bot ID with the T and B keywords.

4

Save Your Preferences

Finally, scroll to the bottom of the page and click Save. Alternatively, you can click on Send a test notification to test your new integration.

Setting Up Telegram Notifications

To receive notifications on your existing Telegram channel:

1

Select Preferred Channel

Select Telegram from the Preferred Channel list.

2

Create Telegram Bot

Next, you must create a Telegram Bot. We recommend you to follow this official guide.

3

Submit Your Bot Credentials

You will receive a Bot Token (for HTTP API access). This Telegram token will be in the following format: {Telegram Chat ID}:{Telegram Bot Token}. You will have to submit the Telegram Bot Token and the Telegram Chat ID in their respective fields as displayed in the figure below.

Please note that your Telegram Bot Token field must be in the following format: {Telegram Chat ID}:{Telegram Bot Token}.

4

Save Your Preferences

Finally, scroll to the bottom of the page and click Save. Alternatively, you can click on Send a test notification to test your new integration.

When Are Notifications Sent?

Notifications are sent on the following occassions:

  • When a new security vulnerability has been discovered and validated
  • When a scan status changes from pending to success
  • When your Private OAST server receives an invocation (for example, a Blind XSS)
  • When a change was detected on any of your JavaScript file monitors

To prevent overloading you with notifications, we intentionally surpress notifications for discovered security vulnerabilities with a severity set to informative.